<?php
include('config.php');
if(($_POST[user]=="")||($_POST[pass]=="")) {

  echo "Pls, enter username and password.";

  }
else {
  $user=$_POST[user];
  $pass=$_POST[pass];
  $query='SELECT * FROM user WHERE user="'.$user.'" AND pass="'.$pass.'"';
  $rs=mysql_query($query,$db);

if(mysql_num_rows($rs)<1){
    echo "User and pass not correct!";
  }
else{
    echo "You are login, thankiu!<br>";
?>
Click <a href="news.php">here</a> to view news.
<?
  }

}

?>